@arantius arantius/index.php
Created Feb 3, 2016

Test script for online edit of `.user.js` files.
<?php
// This proof of concept script is FULL OF SECURITY ISSUES.
// Don't use it, don't install it, don't expose it anywhere.
// Context:

if (isset($_POST['file'])) {
  // Save: write the posted content to the file named in the query string.
  // The path is used unvalidated; there is no authentication or CSRF token.
  $fp = fopen($_GET['file'], 'wb');
  fwrite($fp, $_POST['content']);
  fclose($fp);
  header('Location: ' . $_SERVER['SCRIPT_NAME']);
  exit;
} else if (isset($_GET['mode']) && 'install' == $_GET['mode']) {
  // Install: send the raw file back to the browser (path again unvalidated).
  $fp = fopen($_GET['file'], 'rb');
  header('Content-type: text/plain');
  header('Content-length: ' . filesize($_GET['file']));
  // Assumption: the step that sends the body is missing from this copy;
  // fpassthru() fills it in.
  fpassthru($fp);
  exit;
}

header('Content-type: text/html');
?>
<!DOCTYPE html>
<title>Script Editor</title>
<?php
if (isset($_GET['file'])) {
  // Edit form. $_GET['file'] is echoed into the markup unescaped.
  print "<form method='post' action='?save&file={$_GET['file']}'>";
  print "<input type='hidden' name='file' value='{$_GET['file']}'>";
  print "<textarea rows=20 cols=80 name='content'>";
  // A new file does not exist yet, so start with an empty editor.
  $content = is_file($_GET['file']) ? file_get_contents($_GET['file']) : '';
  print htmlspecialchars($content, ENT_QUOTES);
  print "</textarea><br>";
  print "<input type='submit' value='Save'>";
  print "</form>";
  print "<hr>";
  print "<a href='?file={$_GET['file']}'>Edit</a> ";
  print "<a href='?mode=install&file={$_GET['file']}'>Install</a> ";
} else {
  // Index: list the user scripts in the current directory.
  print '<ul>';
  foreach (glob('*.user.js') as $filename) {
    print "<li>$filename ";
    print "<a href='?file=$filename'>Edit</a> ";
    print "<a href='?mode=install&file=$filename'>Install</a> ";
    print "</li>";
  }
  print "<li><form>New file: <input type='text' name='file'><input type='submit'></form></li>";
  print "</ul>";
}
?>
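
For contrast with the script above, here is an added example (not part of the gist and not the author's code) of how the `file` parameter could be validated and escaped before it reaches `fopen()` or the HTML output. `SCRIPT_DIR` and every function name are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);

// Added example, not the gist's code. SCRIPT_DIR and all function names are assumptions.
const SCRIPT_DIR = __DIR__ . '/scripts';   // hypothetical directory that holds the user scripts

// Accept only a bare "<name>.user.js": no path separators, no leading dot, bounded length.
function safe_script_name(string $name): ?string {
    $ok = preg_match('/\A[A-Za-z0-9][A-Za-z0-9 ._-]{0,63}\.user\.js\z/', $name) === 1;
    return $ok ? $name : null;
}

// Resolve a validated name to a path inside SCRIPT_DIR; null means "refuse the request".
function script_path(string $name): ?string {
    $safe = safe_script_name($name);
    $base = realpath(SCRIPT_DIR);
    if ($safe === null || $base === false) {
        return null;
    }
    $path = $base . DIRECTORY_SEPARATOR . $safe;
    // The name has no separators, so only a symlink could lead outside SCRIPT_DIR.
    return is_link($path) ? null : $path;
}

// Write only to a validated path; returns false when the name is refused.
function save_script(string $name, string $content): bool {
    $path = script_path($name);
    return $path !== null && file_put_contents($path, $content, LOCK_EX) !== false;
}

// Escape for HTML text and quoted attributes.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the "Edit" link with the name URL-encoded, then HTML-escaped.
function edit_link(string $name): string {
    return "<a href='?file=" . h(rawurlencode($name)) . "'>Edit</a>";
}

if (PHP_SAPI === 'cli') {
    // Constructed sample inputs for the validator.
    foreach (['hello.user.js', '../index.php', 'sub/dir.user.js', '.htaccess', 'notes.txt'] as $candidate) {
        printf("%-16s => %s\n", $candidate, safe_script_name($candidate) === null ? 'rejected' : 'accepted');
    }
    echo edit_link('my script.user.js'), "\n";
}
```

This covers only path handling and output escaping; the save request would still need authentication and a CSRF token, which the original script also lacks.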